Re: Pattern specification trouble



On another note, for the Host declaration in .ssh/config you would need to check `man ssh_config`.
The Host declaration in the config file is not for key authentication and host checking; it's a sort of profile for that specific host where you would indicate the port of your remote server, FQDN, user to be used (if different from your actual UNIX user) and other "client profile" for your ssh initiated connection.
Whereas the host="host.domain.com" in the authorized_keys file is for incoming ssh connections.

ssh_config, ~/.ssh/config and private keys are for the ssh client configuration.
sshd_config, /.ssh/authorized_keys/public keys, .shosts and .shosts.equiv are for the sshd daemon/server (or incoming connections).

Hope this makes it clearer for you.

----- Original Message ----
From: László Monda <laci@xxxxxxxx>
To: secureshell@xxxxxxxxxxxxxxxxx
Sent: Tuesday, June 10, 2008 9:26:50 AM
Subject: Pattern specification trouble

Hi List,

`man ssh' says:

----8<----

A pattern-list is a comma-separated list of patterns. Patterns within
pattern-lists may be negated by preceding them with an exclamation mark
(‘!’). For example, to allow a key to be used from anywhere within an
organisation except from the “dialup” pool, the following entry (in
authorized_keys) could be used:

from="!*.dialup.example.com,*.example.com"

----8<----

It is confusing to me because it specifies pattern syntax in the context
of authorized_keys. I want to use patterns with the Host directive in
~/.ssh/config

I've tried to use the following directives with no success:

Host "wondeer.com,*.wondeer.com"
Host wondeer.com,*.wondeer.com
Host from="wondeer.com,*.wondeer.com"

How should I use the damn thing?

Thanks in advance.

--
Laci
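
The two syntaxes discussed in this thread, as an added example that is not part of either message and is not OpenSSH's own code: a simplified Python model in which a `from=` pattern-list is split on commas and honours `!` negation, while the arguments of a `Host` line are split on whitespace and a comma is just another character. The function names are hypothetical, and `Host` negation and address/CIDR matching are left out.

```python
import re
import shlex

def match_pattern(name, pattern):
    """One pattern: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, name, re.DOTALL) is not None

def match_pattern_list(name, pattern_list):
    """authorized_keys from="..." style: comma-separated patterns.
    A matching negated pattern rejects outright; otherwise at least
    one positive pattern has to match."""
    matched = False
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        if negated:
            pat = pat[1:]
        if match_pattern(name.lower(), pat.lower()):
            if negated:
                return False
            matched = True
    return matched

def host_line_matches(name, host_args):
    """ssh_config Host style (simplified): arguments are separated by
    whitespace and each argument is one pattern, commas included."""
    return any(match_pattern(name.lower(), p.lower())
               for p in shlex.split(host_args))

if __name__ == "__main__":
    # The from= entry quoted from the man page in the thread.
    entry = "!*.dialup.example.com,*.example.com"
    for client in ("pc1.example.com", "a.dialup.example.com"):
        print("from=", client, match_pattern_list(client, entry))

    # The three Host attempts from the post, then the whitespace form.
    for args in ('"wondeer.com,*.wondeer.com"',
                 "wondeer.com,*.wondeer.com",
                 'from="wondeer.com,*.wondeer.com"',
                 "wondeer.com *.wondeer.com"):
        print("Host", args, "->", host_line_matches("www.wondeer.com", args))
```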
